Reading the LDAP 'networkAddress' Attribute of a Server or User Object

A Perl script to read the LDAP 'networkAddress' attribute of a server or user object from an eDirectory LDAP server and get the TCP/IP address in dotted-decimal notation.

When read via LDAP, the network address attribute has the following form:
LDAP Format, String:
taggedData = uint32String "#" octetstring
byte 0 = uint32String = Address Type: eg. 1 = IP Address (user); 9 = TCP Address (server)
byte 1 = char = "#" - separator
byte 2 = octetstring - the ordinal value of the address
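
The format above can be decoded with a few lines once the raw attribute value is in hand. The following Python code is an added example, not the article's netaddr.pl script; it also covers the base64 form used in LDIF exports and a comparison against a known IP. It assumes, as the comments on this page do, that the last four octets are the IPv4 address and that a six-octet payload starts with a two-byte port; the function names and sample values are constructed for illustration.

```python
import base64
import ipaddress

# Type tags decoded here; 1 and 9 are the ones the article names.
IPV4_TYPES = {1: "IP", 8: "UDP", 9: "TCP"}

def decode_network_address(value: bytes) -> dict:
    """Split 'type#octets' and decode an IPv4-bearing value.

    Assumption: the last four octets are the IPv4 address and, when six
    octets are present, the first two are the port (big-endian).
    """
    tag, sep, octets = value.partition(b"#")
    if not sep or not tag.isdigit():
        raise ValueError("not in uint32String '#' octetstring form")
    addr_type = int(tag)  # the tag may have more than one digit (10, 11, ...)
    if addr_type not in IPV4_TYPES:
        raise ValueError(f"address type {addr_type} is not handled here")
    if len(octets) not in (4, 6):
        raise ValueError(f"unexpected payload length {len(octets)}")
    port = int.from_bytes(octets[:-4], "big") if len(octets) == 6 else None
    return {"type": IPV4_TYPES[addr_type], "port": port,
            "ip": str(ipaddress.IPv4Address(octets[-4:]))}

def decode_ldif_value(b64: str) -> dict:
    """Decode the base64 form that LDIF exports use for binary values."""
    return decode_network_address(base64.b64decode(b64, validate=True))

def matches_ip(values, ip: str) -> bool:
    """True if any decodable value of the multivalued attribute equals ip."""
    wanted = str(ipaddress.IPv4Address(ip))
    for v in values:
        try:
            if decode_network_address(v)["ip"] == wanted:
                return True
        except ValueError:
            continue  # skip IPX, URL and other non-IPv4 entries
    return False

# Constructed sample values (not taken from a real directory).
SAMPLE_VALUES = [
    b"9#" + bytes([0x02, 0x0C, 10, 0, 0, 1]),  # TCP, port 524, 10.0.0.1
    b"1#" + bytes([192, 168, 1, 20]),          # IP, 192.168.1.20
    b"13#https://example.invalid/",            # URL type, skipped
]
```

Comparing decoded values rather than re-encoding the IP avoids having to guess the type tag and port that the directory stored.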

The following instructions assume that you have a working LDAP server and Perl installed with the Net::LDAP module (http://ldap.perl.org/). The LDAP 'networkAddress' attribute must also be visible to your LDAP proxy user.

This script can be used as a command-line tool or called from another script by passing the following arguments:
- Fully qualified DNS name or IP address of the LDAP server
- Base OU for the LDAP search, e.g. o=myorg
- CN of the object whose IP address to look up (username or server name)
In that order! e.g.:
netaddr.pl (ldap server) (base dn) (object)

Comment List
Anonymous
  • Next you will find my own function that helps me to convert the base64 coded networkAddress in awk scripts. The output of this function presents only the IP address in a dotted decimal format. I hope it can help. It was written for a French company.


    function decode(chaine){

    # This function is limited to converting the IP netAddress values of
    # Novell servers stored in the eDirectory database in Base64 format.
    # The first 4 bytes retrieved, which specify the port (NCP) and the
    # transport (UDP, TCP, IP), are ignored here; they matter little in this procedure.

    BASE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

    resultat = ""
    nextPosDec = 1

    while (length(chaine) > 0){
        # fetch the Base64 codes in groups of 4
        for (pos=1; pos<=4; pos++){
            code[pos] = substr(chaine, pos, 1)
        }
        # translate each code to its numeric value according to Base64
        for (pos=1; pos<=4; pos++){
            numCode[pos] = index(BASE64,code[pos]) - 1
            if (numCode[pos] < 0) numCode[pos] = 0   # "=" padding is not in BASE64; treat it as 0
        }
        # translate the 4 codes (6 bits each) into 3 bytes (8 bits each),
        # as decimal values
        octetDec[nextPosDec + 2] = (numCode[3] % 4) * 64 + numCode[4]
        octetDec[nextPosDec + 1] = (numCode[2] % 16) * 16 + int(numCode[3] / 4)
        octetDec[nextPosDec] = (numCode[1] * 4) + int(numCode[2] / 16)

        nextPosDec += 3

        chaine = substr(chaine, 5)
    }

    # bytes 1-4 are the type, "#" and port; bytes 5-8 are the IP address
    resultat = octetDec[5] "." octetDec[6] "." octetDec[7] "." octetDec[8]

    return resultat
    }

  • Hi, I would like to know if there is a way to provide the inverse value. I mean, I have the IP address, and I want to compare it with the value in networkAddress to see if the IP being passed to me matches the one in NDS.

    Is that possible?

    Thanks!
  • Thanks for the C# example, works like a charm!
  • This took me a good while to figure out, so I hope that the community finds it useful. Please feel free to e-mail me if you have comments or suggestions...



    // with a connected and bound ldap connection ldapConn...

    LdapEntry server = ldapConn.Read(serverDN); // find server in tree

    // retrieve and decode the server's network address

    LdapAttribute serverNetAddr = server.getAttribute("networkaddress");

    // loop through the multivalued networkaddress field
    foreach(sbyte[] addrBytes in serverNetAddr.ByteValueArray) {

        // get the first character in the line which indicates type
        char type = (char)addrBytes[0];

        if(type == '9') { // only interested in TCP address
            string serverTCPAddr = "";
            for(int i=(addrBytes.Length-4); i<addrBytes.Length; i++) { // last four bytes are the ip address
                byte b = unchecked((byte)addrBytes[i]); // convert sbyte to byte
                serverTCPAddr = serverTCPAddr + b; // append value to string
                if(i>0 && i<(addrBytes.Length - 1))
                    serverTCPAddr = serverTCPAddr + "."; // brute force the dots
            }
        }
    }
  • $addr = "";
    $addrtype = intval(substr($networkaddress, 0, 1));

    // throw away bytes 0 and 1 which should be the addrtype and the "#" separator
    $networkaddress = substr($networkaddress, 2);

    $addrtypes = array('IPX', 'IP', 'SDLC', 'Token Ring', 'OSI', 'AppleTalk', 'NetBEUI', 'Socket', 'UDP', 'TCP', 'UDP6', 'TCP6', 'Reserved (12)', 'URL', 'Count');

    $len = strlen($networkaddress);

    if ($len > 0) {
        // append the ordinal value of every remaining byte
        for ($i=0; $i < $len; $i++) {
            $byte = substr($networkaddress, $i, 1);
            $addr .= ord($byte);

            if ($addrtype == 1){ // dot separate IP addresses...
                $addr .= ".";
            }
        }

        if ($addrtype == 1) {
            // strip last period from end of $addr
            $addr = substr($addr, 0, strlen($addr)-1);
        }
    }
    else {
        $addr .= "address not available.";
    }

    printf($addrtypes[$addrtype] . ": " . $addr);